<?php
if(!empty($_GET["action"]))
	$post=$_GET;
else
	$post=$_POST;
if(!empty($_GET['forward'])&&strpos($_GET['forward'],'script')>0)
	header("Location:login.php");//ȫ

if(!empty($post["action"])&&$post["action"]=="submit")
{
	include_once("includes/global.php");
	include_once("includes/smarty_config.php");
	include_once("config/reg_config.php");

	if(strtolower($_SESSION["auth"])!=strtolower($post["randcode"])&&empty($post['first_index'])&&empty($post['connect_id']))
	{
		//header("Location: login.php?erry=-3");//֤
		if($config['temp'] != 'wap'){
			msg('login.php','验证码错误');
			exit();
		}

	} 
	$config = array_merge($config,$reg_config);
	if($config['openbbs']==2)
	{	//ucenter1.5 login
		$sql="select userid,user,password,email from ".MEMBER." a where user='$post[user]' or email='$post[user]'";
		$db->query($sql);
		$re=$db->fetchRow();//bbûǷ
		if(!empty($re['password']))
		{
			if(substr($re['password'],0,4)=='lock')
				msg('login.php','密码已被锁住');
			//	msg("login.php?erry=-4&connect_id=$post[connect_id]");//֮ǰʹһ빦ܣ�?
			if($re['password']!=md5($post['password']))
				msg('login.php','密码错误');
				//msg("login.php?erry=-2&connect_id=$post[connect_id]");//
		}

		list($uid, $username, $password, $email) = uc_user_login($post['user'], $post['password']);//ucǷ
		
		if($uid>0||$re["userid"])
		{	//ucBB֮һ˻ȷִ²
		
			if($uid<=0&&$re["userid"]>0)//UCڣ£´
			{
				$uid = uc_user_register($re['user'], $post['password'], $re['email']);
				if($re['pid'])
					login($re['pid'],$re['user'],$re['userid']);//˺ŵ¼
				else
					login($re['userid'],$re['user']);//˺ŵ¼
			}
			elseif($uid>0&&$re["userid"]<=0)//UCBB
			{
				$dbc=new dba($config['dbhost'],$config['dbuser'],$config['dbpass'],$config['dbname'],$config['dbport']);
				
				$ip=getip();
				$dbc->query("insert into ".MEMBER." (user,email,password,ip) values 
				('$post[user]','$email','".md5($post['password'])."','$ip')");
				$re['userid']=$dbc->lastid();
				$re['user']=$_POST['user'];
				
				if(empty($config['user_reg']))
					$user_reg=1;
				elseif($config['user_reg']==3)
					$user_reg=1;
				else
					$user_reg=$config['user_reg'];
				login($re['userid'],$re['user']);//վ¼
			}
			else
			{
				if($re['pid'])
					login($re['pid'],$re['user'],$re['userid']);//˺ŵ¼
				else
					login($re['userid'],$re['user']);//˺ŵ¼
			}

			$refer_url = $_SERVER['HTTP_REFERER'];
			if($refer_url == $config['weburl'].'/'){
				$forward = $post['forward']?$post['forward']:$config["weburl"]."/main.php";
			} else {
				$forward = $refer_url;
			}

			msg($forward);
		}
		else
		{
			msg('login.php','用户名不存在');
			//header("Location: login.php?erry=-1&connect_id=".$post['connect_id']);//û
			exit();
		}
	}
	else
	{	
		// no ucenter login
		$sql="select * from ".MEMBER." where user='$post[user]' or email='$post[user]'";
		$db->query($sql);
		$re=$db->fetchRow();

		if($re["userid"])
		{
			if(substr($re['password'],0,4)=='lock')
				msg('login.php','密码已被锁住');
				//msg("login.php?erry=-4&connect_id=$post[connect_id]");//֮ǰʹһ빦ܣ�?
			if($re['password']!=md5($post['password']))
				msg('login.php','密码错误');
				//msg("login.php?erry=-2&connect_id=$post[connect_id]");//
			
			if($re["password"]==md5($post['password']))
			{
				if($re['pid'])
					login($re['pid'],$re['user'],$re['userid']);//˺ŵ¼
				else
					login($re['userid'],$re['user']);
					
				$forward = $post['forward']?$post['forward']:$config["weburl"]."/main.php";
				msg($forward);
			}
		}
		else
			msg('login.php','用户名不存在');
		//msg('login.php?erry=-1&connect_id='.$post['connect_id']);//û
	}
}
//========================================================
function login($uid,$username,$pid=NULL)
{
	global $post,$config;
	$db=new dba($config['dbhost'],$config['dbuser'],$config['dbpass'],$config['dbname'],$config['dbport']);
	if($uid)
		$sql="select lastLoginTime,userid,user,regtime,statu from ".MEMBER." a where a.userid='$uid'";
	else
		$sql="select lastLoginTime,userid,user,regtime,statu from ".MEMBER." where user='$username'";
	$db->query($sql);
	$re=$db->fetchRow();
	
	bsetcookie("USERID","$uid\t$re[user]\t$pid",NULL,"/",$config['baseurl']);
	setcookie("USER",$re['user'],NULL,"/",$config['baseurl']);
	$_SESSION["STATU"]=$re['statu'];
	
	$sql="update ".MEMBER." set lastLoginTime='".time()."' WHERE userid='$uid'";
	$db->query($sql);
	//--------------------------------------qq󶨡
	if(!empty($post['connect_id']))
	{
		$sql="update ".USERCOON." set userid='$uid' where id='$post[connect_id]'";
		$db->query($sql);
	}
}
function do_post($url, $data)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); 
    curl_setopt($ch, CURLOPT_POST, TRUE); 
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data); 
    curl_setopt($ch, CURLOPT_URL, $url);
    $ret = curl_exec($ch);
    curl_close($ch);
    return $ret;
}
function get_url_contents($url)
{
    if(ini_get("allow_url_fopen") == "1")
        return file_get_contents($url);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($ch, CURLOPT_URL, $url);
    $result =  curl_exec($ch);
    curl_close($ch);
    return $result;
}

//==================================================================================
include_once("includes/global.php");
include_once("includes/smarty_config.php");
include_once("config/reg_config.php");
include_once("config/connect_config.php");//connect
$config = array_merge($config,$reg_config);
$config = array_merge($config,$connect_config);

if($config['sina_connect']==1)//sina
{
	define( "WB_AKEY" , $config['sina_app_id'] );
	define( "WB_SKEY" , $config['sina_key'] );
	define( "WB_CALLBACK_URL" , "$config[weburl]/oauth.php?type=sina" );
	include_once( 'includes/saetv2.ex.class.php' );
	$o = new SaeTOAuthV2( WB_AKEY , WB_SKEY );
	$code_url = $o->getAuthorizeURL( WB_CALLBACK_URL );
	$tpl->assign("sina_login_url",$code_url);
}
if( empty($_GET['code']) && empty($_GET['state'])){
	$state_rand = rand(1111,9999);
	$state = md5($state_rand);
	$_SESSION['wx_state']=$state_rand;
	$redirect_uri = $config['redirect_uri'];
	$appid = $config['wx_app_id'];
	$wx_url = "https://open.weixin.qq.com/connect/qrconnect?appid=".$appid."&redirect_uri=".urlencode($redirect_uri)."&response_type=code&scope=snsapi_login&state=".$state."#wechat_redirect";
	$tpl -> assign("state",$state);
	$tpl -> assign("wx_url",$wx_url);
}
if(!empty($_GET['method']) && $_GET['method'] == 'ai_login' ){
	require_once("lib/alilogin/alipay.config.php");
	require_once("lib/alilogin/lib/alipay_submit.class.php");
	/**************************请求参数**************************/
	//目标服务地址
	$target_service = "user.auth.quick.login";
	//必填
	//必填，页面跳转同步通知页面路径
	$return_url = $config["weburl"]."/oauth.php";
	//需http://格式的完整路径，不允许加?id=123这类自定义参数

	//防钓鱼时间戳
	$anti_phishing_key = "";
	//若要使用请调用类文件submit中的query_timestamp函数

	//客户端的IP地址
	$exter_invoke_ip = "";
	//非局域网的外网IP地址，如：221.0.0.1

	/************************************************************/

//构造要请求的参数数组，无需改动
	$parameter = array(
			"service" => "alipay.auth.authorize",
			"partner" => trim($alipay_config['partner']),
			"target_service"	=> $target_service,
			"return_url"	=> $return_url,
			"anti_phishing_key"	=> $anti_phishing_key,
			"exter_invoke_ip"	=> $exter_invoke_ip,
			"_input_charset"	=> trim(strtolower($alipay_config['input_charset']))
	);

//建立请求
	$alipaySubmit = new AlipaySubmit($alipay_config);
	$html_text = $alipaySubmit->buildRequestForm($parameter,"get", "确认");
	echo $html_text;
}

if($buid&&empty($_GET['style']))
{
	header("Location:main.php");
	exit();
}


include_once("footer.php");
$tpl -> assign("lang",$lang);
$tpl -> assign("current","office");
$tpl->assign("referer",$_SERVER['HTTP_REFERER']);
if(!empty($_GET['style']))
	$tpl->display("login_box.htm");
else
	$tpl->display("login.htm");
?>